StorageSecure is an all-inclusive, secure hardware storage encryption solution that connects to 1 Gb or 10 Gb Ethernet networks over CIFS and NFS and protects shares, folders and files on any NAS filers regardless of vendor. StorageSecure encrypts information based on defined business policies and securely stores the information without impacting ongoing operations or reducing information availability.

StorageSecure securely stores all encryption keys and their associated parameters within hardware. Keys can also be shared with SafeNet KeySecure centralized key management solution that securely stores StorageSecure keys but also other heterogeneous encryption keys for truly centralized key management.

Storage Security Features Offered by StorageSecure:

Our storage encryption solution, StorageSecure, protects data at rest at the share/folder/file level. By providing granular data level protection, instead of enforcing an all or nothing protection, organizations are able to enforce data-specific authorization based on user privileges, job responsibilities, and data location.

Protecting sensitive data at rest is fundamental in ensuring compliance. StorageSecure ensures that sensitive data will be encrypted and rendered unreadable to unauthorized users even as it moves across the different storage tiers, including operations and staff who need to manage the systems but not access the data. Once data is encrypted, it remains encrypted through its lifecycle without any additional intervention.

Backup, replication, and snapshotting applications that work on files on the NAS filers all continue to function exactly as before while the underlying data remains encrypted.

StorageSecure augments existing access controls defined in Microsoft AD, LDAP, NIS and allows enterprises to strengthen these controls for users and administrators by building upon previously defined identity and access management controls, creating stronger separation of duties. In this way, StorageSecure protects against rogue users and administrators.

StorageSecure is a “self-contained” appliance. There are no changes to the storage devices, no agents to install, and more importantly, the user does not need to change their daily operations. StorageSecure is placed within the network on an Ethernet connection, configured based on data/information value and user access controls. Data is automatically encrypted and decrypted within the hardware appliance.

By combining StorageSecure and SafeNet KeySecure, organizations are able to enforce more robust data access and key management controls while eliminating lost and stolen keys and preventing information access. KeySecure can host backup keys to StorageSecure devices for disaster recovery and maintain a key archive for all deployed and purged keys.

StorageSecure Centralized, High-Performance NAS Encryption


Rack Mountable

Standard 19" EIA rack (2U height)


17.4" W x 19" D x 3.5" H (44.2 cm W x 48.3 cm D x 8.9 cm H)


20.0 lbs. (9.1 kg)

Universal AC Input

100-240V ~47-63 Hz, 5A

Hardware Security

NIST FIPS 140-2 level 3 compliant (in process)

  • Anti probing baffles prevent access to device internals.
  • Tamper evident seals indicate if tampering has occurred
  • Tamper switches automatically zeroize key material if activated
  • ZEROIZE button manually zeroizes key material

Rear Points

s220: 1 GbE interfaces using SFP connectors, one for the client side network and the other for the storage side network

  • 1000BASE-T ROHS RJ-45 connector
  • 1000BASE-SX LC connector Multi-mode fibre850 nm
  • 1000BASE-LX LC connector Single-mode fibre1310 nm

s280: 10 GbE interfaces using SFP+ connectors, one for the client side network and the other for the storage side network

  • 10G Base-SR 300 m Multi-mode fibre 850 nm
  • 10G Base-LR 1000 m Single-mode fibre1310 nm

Front LCD

Power, Secure traffic/Management port, Client side network, Storage side network, Unit alarm, Power alarm, Environmental alarm, Smart card reader

Smart Card

1 smart card reader

Hardware Redundancy

2 redundant/hot-swappable power supplies, 2 variable speed fans

Clustering and Failover

Clustering for full redundancy and automatic failover – Clustered StorageSecure appliances share critical configuration information to provide failover and manual load balancing support for the network.



FIPS-PUB 186: AES-256 (Advanced Encryption Standard with 256-bit keys) – PRNG implemented using FIPS 186-2:  (General Purpose;  X-Change Notice; SHA-1).  Uses the SafeXcel 1746 crypto-device TRNG for providing entropy to seeding the PRNG

Operating System

Highly customized, hardened OS

Configurable Security Policy

Fully customizable security settings


A single command will zeroize all keys, effectively making access to encrypted data impossible



User name/password for device management. An additional hardware authentication token is required for access to functions such as key and data recovery, key sharing, and clustering operations. Multi-person quorum-based authentication for sensitive security operations such as recovery, initialization, and establishing trusted relationships may also be implemented


Management Platform

  • Manage all StorageSecure and KeySecure appliances from a single management console
  • Management console uses optional two-factor authentication with role based administration

Supported Protocols

  • CIFS
  • NFS
  • iSCSI
  • HTTP

Supported Directory Services

  • Microsoft Active Directory
  • LDAP
  • NIS
  • Radius

StorageSecure Management Console

Graphical user interface (GUI) available via web browser that is capable of high-grade 128-bit encryption. JavaScript must be enabled to access all functionality available through the management console.

Command Line Interface (CLI)

Command line interface (CLI) available over SSH or directly through the serial console port


SNMP v1, v2c, and v3

Logging and Audit

Cryptographically signed tracking of key events. Configurable audit trail with local and remote (syslog) logging.


Operating Temperature

32°F-104°F (0°C to 40°C)

Operating Humidity

20 to 80% RH @ 40° C operating temperature

Operating Altitude

0 to 1650m AMSL

Safety and Compliance



CSA 60950 - 1

United States

UL 60950 - 1


IEC 60950 -1

European Community

EN60950, TUV R 2845

Electromagnetic Compatibility (EMC)


ICES-003 Class B

United States

FCC Class B


VCCI Class B


RRL Class B

European Community

European Community CE (EN55022 Class B, EN55024, EN61000-3-2 Class A, & EN61000-3-3)

Australia/New Zealand

AS/NZS 3548 Class B


IEC 6095 0-1

Ease of Deployment. SafeNet StorageSecure offers a seamless, non-disruptive deployment that drops into the network between clients and servers, linking them with a high-speed cryptographic path. There are no hosts to configure or software to install. Our storage encryption and security solution, StorageSecure, is ready to encrypt and secure storage transparently without any impact on user experience.

Centralized Policy and Key Management. SafeNet StorageSecure is a part of the Data Encryption and Control offering, such that it is fully integrated into the SafeNet Crypto foundation, including SafeNet KeySecure for key management and data access control policy management. Centralized key management eliminates lost and stolen keys preventing information access. KeySecure can host backup keys to StorageSecure devices for disaster recovery and maintain a key archive for all deployed and purged keys.

Redundancy and High Availability. SafeNet StorageSecure appliances can be clustered with all keys, policies, and configuration information automatically synchronized between cluster members. If one appliance goes offline, the second appliance automatically takes over the combined workload, ensuring that vital encrypted data is always available when needed.

Administration and User Access Controls. SafeNet StorageSecure provides the ability to integrate with user common directory services, such as LDAP, Microsoft AD, and NIS to incorporate existing user access and authentication controls. An additional layer of dual authorization control can be defined within the StorageSecure administration console to further restrict access to sensitive data stored in the storage arrays.

Segregation of Data. Whether used for virtual environments, multi-tenancy, or separation of duties, StorageSecure ensures isolation and granular access to protected data.

Quick and Secure Data Destruction. SafeNet StorageSecure, along with SafeNet KeySecure key management solution, ensure that stored sensitive data has been rendered unreadable in the event the storage appliance needs to be repurposed or the data needs to be destroyed.